Variable naming confusion
Bob Gustafson
bobgus at rcn.com
Sun Sep 19 05:59:59 UTC 2004
To me, there is a lot of confusion in the naming and choice of values of
the SELINUX booleans. (Maybe I just don't have my head around the
concepts.. - but I don't think I am alone)
For example:
The variable 'SELINUX' in the file /etc/selinux/config has the value
choices 'enforcing' or 'permissive'.
The variable 'enforce' in the /boot/grub/grub.conf file has the value
choices '=0' or '=1'
The variable shown by the command 'getenforce' is either 'Permissive' or
'Enforcing' (note the initial capitalization)
When using the runtime command 'setenforce', the argument is either '0'
or '1'
When using the script command 'selinuxenabled', the result is '0' if it
IS enabled.
Suggestions
The variable 'SELINUX' is either 'enabled' or 'disabled'
The variable 'enforcing' is either 'enabled' or 'disabled'
(This can be named 'enforce' rather than 'enforcing' - would help when
trying to remember whether the runtime command is 'setenforce' or
'setenforcing')
The variable 'SELINUXTYPE' is 'strict', 'targeted', 'myownpolicy',
'strangleddaemons', etc.
More information about the fedora-selinux-list
mailing list